Unpushed commits (local main ahead of origin/main) #29
Pull request overview
This PR brings the local main branch changes into review, including minor PHP cleanup plus repository hygiene updates (security/contributing docs and Dependabot configuration).
Changes:
- Refactors `AuthorizationCodeGrant` to import and use `GetAccessTokenRequest` via a `use` statement and simplifies `@throws` phpdoc types.
- Adds root-level `SECURITY.md` and `CONTRIBUTING.md`.
- Expands `.github/dependabot.yml` to add daily update checks, grouping, and additional ecosystems.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `src/Traits/AuthorizationCodeGrant.php` | Small import/refactor and phpdoc cleanup for OAuth authorization code grant helpers. |
| `SECURITY.md` | Adds a security policy document at repository root. |
| `CONTRIBUTING.md` | Adds a contributing guide at repository root. |
| `.github/dependabot.yml` | Adds daily schedules, grouping, and new ecosystems (npm/composer) for Dependabot. |
| @@ -0,0 +1,3 @@ | |||
| # Security Policy | |||
|
|
|||
| If you discover any security related issues, please email info@codebar.ch instead of using the issue tracker. | |||
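Review bot: The single policy sentence on the last added line gives reporters a mailbox and nothing else: there is no note on what a report should contain and no expected acknowledgement time. Add one or two sentences covering both, so that a reporter knows what to send and when to follow up.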
SECURITY.md already exists under .github/SECURITY.md with the same content; keeping both introduces duplication and the risk of the policies diverging later. Prefer keeping a single canonical security policy file (either the root file or the .github/ one) and remove the duplicate.
| If you discover any security related issues, please email info@codebar.ch instead of using the issue tracker. | |
| The canonical security policy for this project is maintained at `.github/SECURITY.md`. | |
| Please refer to that file for up-to-date information on how to report security issues and our security response process. |
| - package-ecosystem: "npm" | ||
| directory: "/" | ||
| schedule: | ||
| interval: "daily" | ||
| allow: | ||
| - dependency-type: "direct" | ||
| ignore: | ||
| - dependency-name: "*" | ||
| update-types: [ "version-update:semver-major" ] | ||
| groups: | ||
| minor-and-patch: | ||
| update-types: [ "minor", "patch" ] | ||
|
|
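Review bot: The `ignore` rule near the end of this block matches `dependency-name: "*"` with `version-update:semver-major`, so no major version update will be proposed for any dependency in this ecosystem, and nothing in the file says that this is deliberate. Add a YAML comment above `ignore:` stating the reason and how major upgrades are meant to be tracked, or narrow the rule to the packages that actually need holding back.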
This repo doesn't appear to contain a package.json/yarn.lock/pnpm lockfile, so a Dependabot package-ecosystem: "npm" entry targeting directory: "/" will fail and repeatedly report configuration errors. Remove the npm update block or point it at the directory that actually contains the Node manifest(s).
| - package-ecosystem: "npm" | |
| directory: "/" | |
| schedule: | |
| interval: "daily" | |
| allow: | |
| - dependency-type: "direct" | |
| ignore: | |
| - dependency-name: "*" | |
| update-types: [ "version-update:semver-major" ] | |
| groups: | |
| minor-and-patch: | |
| update-types: [ "minor", "patch" ] |
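A pre-merge check for the failure described in the comment above, as an added example that is not part of the pull request or the review. The function names, the two-entry `MANIFESTS` table (only the ecosystems this PR adds) and the line-based parsing in place of a YAML library are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

# Manifest each ecosystem needs in its configured directory (assumed subset,
# limited to the two ecosystems this PR adds).
MANIFESTS = {"npm": "package.json", "composer": "composer.json"}

ENTRY = re.compile(r'^\s*-\s*package-ecosystem:\s*"?([\w-]+)"?\s*$')
DIRECTORY = re.compile(r'^\s*directory:\s*"?([^"\s]+)"?\s*$')


def update_entries(config_text):
    """Yield (ecosystem, directory) pairs from a dependabot.yml text."""
    ecosystem = None
    for line in config_text.splitlines():
        if m := ENTRY.match(line):
            ecosystem = m.group(1)
        elif (m := DIRECTORY.match(line)) and ecosystem:
            yield ecosystem, m.group(1)
            ecosystem = None


def missing_manifests(config_text, repo_root):
    """Return entries whose directory lacks the manifest the ecosystem needs."""
    missing = []
    for ecosystem, directory in update_entries(config_text):
        manifest = MANIFESTS.get(ecosystem)
        if manifest is None:
            continue  # ecosystem outside the assumed table: not checked
        if not (Path(repo_root) / directory.lstrip("/") / manifest).is_file():
            missing.append((ecosystem, directory))
    return missing


# Constructed sample: the npm entry from the hunk plus a composer entry.
SAMPLE = '''\
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
  - package-ecosystem: "composer"
    directory: "/"
'''

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "composer.json").write_text("{}")  # PHP-only repository
        print(missing_manifests(SAMPLE, root))
```

Run in CI against the real `.github/dependabot.yml` and the checkout root, a non-empty result flags an entry like the npm one before it reaches the default branch.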
| # Contributing | ||
|
|
||
| Contributions are **welcome** and will be fully **credited**. | ||
|
|
||
| Please read and understand the contribution guide before creating an issue or pull request. |
CONTRIBUTING.md already exists under .github/CONTRIBUTING.md with the same content; adding a second copy at the repository root increases the chance the two drift over time and creates ambiguity about which one contributors should follow. Prefer keeping a single canonical contributing guide (either the root file or the .github/ one) and remove the duplicate.
Local main was 3 commit(s) ahead of origin/main. Opened from update-opensource-active.sh for review.